Homework Help is Here – Start Your Trial Now!
Engineering
Computer Science
For the Shalyer malware, please write a short paragraph based on the given background and website info: Shalyer – Trojan Shlayer is a downloader and dropper for MacOS malware. It is primarily distributed through malicious websites, hijacked domains, and malvertizing posing as a fake Adobe Flash updater. https://www.cisecurity.org/insights/blog/top-10-malware-march-2022   The directory with executable files inside the application package contains two Python scripts: gjpWvvuUD847DzQPyBI (main) and goQWAJdbnuv6 (auxiliary). The latter implements data encryption functions by means of a byte shift on the key key: The encryptText/decryptText pair of functions encrypt and decrypt strings; encryptList encrypts the contents of the list passed in the arguments; decryptList performs the inverse operation; The getKey() function generates an encryption key based on the time in the operating system.   Shlayer itself performs only the initial stage of the attack — it penetrates the system, loads the main payload, and runs it. The negative consequences for the user can be seen by investigating the AdWare.OSX.Cimpli family, which was being actively downloaded by the Trojan at the time of writing.   The version of Trojan-Downloader.OSX.Shlayer.e discussed above was propagated in a slightly different way. Similar to the previous scheme, users ended up on a page seemingly offering an Adobe Flash update. But they were redirected there from large online services boasting a multimillion-dollar audience. https://securelist.com/shlayer-for-macos/95724/   Evasion Techniques – Summary Here is a summary of the evasion techniques implemented by Shlayer:   Static Detection: In each one of the stages described above, Shlayer decrypts files and executes their code in runtime memory. This technique allows Shlayer to evade static detection mechanisms, such as old-school static anti-virus solutions. Code-Signing & Safe-Browsing: Shalyer evades Apple’s Code-Signing and Safe-Browsing security mechanisms (such as by Chrome and Safari), by utilizing dynamic content download (as further described in stage 2 above). Network Security: Shlayer transmits encrypted payloads over the network, thus it evades network security solutions. In Conclusion The Shlayer Adware disguises as a legitimate Flash-Player installer. It uses a few simple and evasive Bash scripts, which act as droppers. After two stages where Bash scripts are executed, the Mach-O binary installer is executed. Then victims are fingerprinted as their system information such as MAC address and Hardware UUID is harvested. Finally, Shlayer encrypts the data and sends it to a remote C&C to determine the specific applications and extensions to provide the victim. The approach of either dropping stages, mixed with the 3rd Mach-O installer, is interesting as it manages to successfully evade all of the following security measures:   Apple’s built-in security mechanisms Antiviruses, either static or dynamic in some cases. Network security solutions https://malwareanalysis.co/the-malware-shlayer/ * A brief description of the malware including: - the date of the first incident’s report - How does it work, * Explain: - How one should protect his/her system against this malware - If infected, how one can cope with that? Is there any solution?

For the Shalyer malware, please write a short paragraph based on the given background and website info: Shalyer – Trojan Shlayer is a downloader and dropper for MacOS malware. It is primarily distributed through malicious websites, hijacked domains, and malvertizing posing as a fake Adobe Flash updater. https://www.cisecurity.org/insights/blog/top-10-malware-march-2022   The directory with executable files inside the application package contains two Python scripts: gjpWvvuUD847DzQPyBI (main) and goQWAJdbnuv6 (auxiliary). The latter implements data encryption functions by means of a byte shift on the key key: The encryptText/decryptText pair of functions encrypt and decrypt strings; encryptList encrypts the contents of the list passed in the arguments; decryptList performs the inverse operation; The getKey() function generates an encryption key based on the time in the operating system.   Shlayer itself performs only the initial stage of the attack — it penetrates the system, loads the main payload, and runs it. The negative consequences for the user can be seen by investigating the AdWare.OSX.Cimpli family, which was being actively downloaded by the Trojan at the time of writing.   The version of Trojan-Downloader.OSX.Shlayer.e discussed above was propagated in a slightly different way. Similar to the previous scheme, users ended up on a page seemingly offering an Adobe Flash update. But they were redirected there from large online services boasting a multimillion-dollar audience. https://securelist.com/shlayer-for-macos/95724/   Evasion Techniques – Summary Here is a summary of the evasion techniques implemented by Shlayer:   Static Detection: In each one of the stages described above, Shlayer decrypts files and executes their code in runtime memory. This technique allows Shlayer to evade static detection mechanisms, such as old-school static anti-virus solutions. Code-Signing & Safe-Browsing: Shalyer evades Apple’s Code-Signing and Safe-Browsing security mechanisms (such as by Chrome and Safari), by utilizing dynamic content download (as further described in stage 2 above). Network Security: Shlayer transmits encrypted payloads over the network, thus it evades network security solutions. In Conclusion The Shlayer Adware disguises as a legitimate Flash-Player installer. It uses a few simple and evasive Bash scripts, which act as droppers. After two stages where Bash scripts are executed, the Mach-O binary installer is executed. Then victims are fingerprinted as their system information such as MAC address and Hardware UUID is harvested. Finally, Shlayer encrypts the data and sends it to a remote C&C to determine the specific applications and extensions to provide the victim. The approach of either dropping stages, mixed with the 3rd Mach-O installer, is interesting as it manages to successfully evade all of the following security measures:   Apple’s built-in security mechanisms Antiviruses, either static or dynamic in some cases. Network security solutions https://malwareanalysis.co/the-malware-shlayer/ * A brief description of the malware including: - the date of the first incident’s report - How does it work, * Explain: - How one should protect his/her system against this malware - If infected, how one can cope with that? Is there any solution?

Microsoft Windows 10 Comprehensive 2019
Microsoft Windows 10 Comprehensive 2019
1st Edition
ISBN:9780357392607
Author:FREUND
Publisher:FREUND
Chapter7: Microsoft Edge
Section: Chapter Questions
Problem 3EYK
See similar textbooks
icon
Related questions
Question
100%

For the Shalyer malware, please write a short paragraph based on the given background and website info:

  1. Shalyer – Trojan

Shlayer is a downloader and dropper for MacOS malware. It is primarily distributed through malicious websites, hijacked domains, and malvertizing posing as a fake Adobe Flash updater.

https://www.cisecurity.org/insights/blog/top-10-malware-march-2022

 

The directory with executable files inside the application package contains two Python scripts: gjpWvvuUD847DzQPyBI (main) and goQWAJdbnuv6 (auxiliary). The latter implements data encryption functions by means of a byte shift on the key key:

  • The encryptText/decryptText pair of functions encrypt and decrypt strings;
  • encryptList encrypts the contents of the list passed in the arguments; decryptList performs the inverse operation;
  • The getKey() function generates an encryption key based on the time in the operating system.

 

Shlayer itself performs only the initial stage of the attack — it penetrates the system, loads the main payload, and runs it. The negative consequences for the user can be seen by investigating the AdWare.OSX.Cimpli family, which was being actively downloaded by the Trojan at the time of writing.

 

The version of Trojan-Downloader.OSX.Shlayer.e discussed above was propagated in a slightly different way. Similar to the previous scheme, users ended up on a page seemingly offering an Adobe Flash update. But they were redirected there from large online services boasting a multimillion-dollar audience.

https://securelist.com/shlayer-for-macos/95724/

 

Evasion Techniques – Summary

Here is a summary of the evasion techniques implemented by Shlayer:

  1.  
    1. Static Detection: In each one of the stages described above, Shlayer decrypts files and executes their code in runtime memory. This technique allows Shlayer to evade static detection mechanisms, such as old-school static anti-virus solutions.
    2. Code-Signing & Safe-Browsing: Shalyer evades Apple’s Code-Signing and Safe-Browsing security mechanisms (such as by Chrome and Safari), by utilizing dynamic content download (as further described in stage 2 above).
    3. Network Security: Shlayer transmits encrypted payloads over the network, thus it evades network security solutions.

In Conclusion

The Shlayer Adware disguises as a legitimate Flash-Player installer. It uses a few simple and evasive Bash scripts, which act as droppers. After two stages where Bash scripts are executed, the Mach-O binary installer is executed.

Then victims are fingerprinted as their system information such as MAC address and Hardware UUID is harvested. Finally, Shlayer encrypts the data and sends it to a remote C&C to determine the specific applications and extensions to provide the victim.

The approach of either dropping stages, mixed with the 3rd Mach-O installer, is interesting as it manages to successfully evade all of the following security measures:

  •  
    • Apple’s built-in security mechanisms
    • Antiviruses, either static or dynamic in some cases.
    • Network security solutions

https://malwareanalysis.co/the-malware-shlayer/

* A brief description of the malware including:

- the date of the first incident’s report

- How does it work,

* Explain:

- How one should protect his/her system against this malware

- If infected, how one can cope with that? Is there any solution?

 

Expert Solution
steps

Step by step

Solved in 3 steps

SEE SOLUTIONCheck out a sample Q&A here
Blurred answer
Knowledge Booster
Device network connection
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Microsoft Windows 10 Comprehensive 2019
Microsoft Windows 10 Comprehensive 2019
Computer Science
ISBN:
9780357392607
Author:
FREUND
Publisher:
Cengage
Management Of Information Security
Management Of Information Security
Computer Science
ISBN:
9781337405713
Author:
WHITMAN, Michael.
Publisher:
Cengage Learning,
Principles of Information Security (MindTap Cours…
Principles of Information Security (MindTap Cours…
Computer Science
ISBN:
9781337102063
Author:
Michael E. Whitman, Herbert J. Mattord
Publisher:
Cengage Learning
SEE MORE TEXTBOOKS